Adobe tackles vulnerabilities in Dreamweaver, Experience Manager, Bridge

Adobe has released its monthly security update which resolves vulnerabilities in Adobe Dreamweaver, Experience Manager, and Bridge CC.

No vulnerabilities fixed in the July update are considered critical. 

On Tuesday, the software giant said in a security advisory that the bulk of the relatively small update is focused on Adobe Experience Manager, which has received patches designed to fix a total of three "important" and "moderate" issues. 

Adobe Experience Manager versions 6.3 to 6.5 on all platforms are impacted by the security flaws. 

The first vulnerability, CVE-2019-7953, is a cross-site request forgery issue; the second, CVE-2019-7954, is a stored cross-site scripting bug; and the third, CVE-2019-7955, is a reflected cross-site scripting security problem. 

See also: Adobe fixes critical security flaws in Flash, ColdFusion, Campaign

If exploited, all of these vulnerabilities can be harnessed to force the software to leak sensitive data. 

Adobe also released a patch which resolves a medium-severity vulnerability present in the Adobe Dreamweaver direct download installer for Windows, of which versions released in 2018 and 2019 are vulnerable. 

The privilege escalation security flaw, CVE-2019-7956, relates to insecure library loading and can be used to perform DLL hijacking.  

In addition, a single "important" security flaw, CVE-2019-7963, has been resolved in Adobe Bridge CC versions 9.0.2 and earlier. Impacting both Windows and macOS machines, if exploited, the out-of-bounds read bug can lead to information disclosure. 

TechRepublic: Cybersecurity incidents cost businesses $45B last year

Users should permit automatic updates and bring their software up to the latest available version in order to protect themselves against potential exploitation of the vulnerabilities.  

Adobe thanked researchers from Trend Micro's Zero Day Initiative, Lorenzo Pirondini, and Honc (章哲瑜) for disclosing this month's security problems. 

CNET: Your Mac could be hijacked through major security flaw in Zoom conferencing app

In June, Adobe resolved Flash, ColdFusion, and Campaign Classic bugs which could lead to the execution of arbitrary code if exploited. Flash only received a patch for one vulnerability, a use-after-free security flaw, whilst three issues in Adobe ColdFusion and seven bugs were smoothed over in Adobe Campaign Classic. 

The Mac malware most likely to attack your PC this year

Previous and related coverage

• Adobe security update released for critical Flash, Acrobat, Reader bugs
  
• Adobe Q2 tops estimates with record revenue
  
• Adobe releases out-of-band update to patch ColdFusion zero-day
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0